注意:这可能与我提出的先前问题重复。我已经对这个问题进行了评论,以产生一个更简洁和可运行的版本。
我修补了前一篇文章中指出的内存泄漏。现在,我收到了双重免费错误。我在power_arr()函数中评论了我认为发生 double free 错误的地方。我发布了另一个问题,使用相同的模式操作trim()函数,没有收到错误。我试图理解双重免费错误的确切原因,因为tmp内指针power_arr()的管理似乎是合理的。
确切的错误消息如下:
*** Error in `./a.out': double free or corruption (fasttop): 0x00000000017a5fc0 ***
Aborted
代码的目的是将大整数作为整数数组处理。更具体地说,处理2 ^ 1000范围内的整数。
旁注,函数pad()和枚举SIDE。给定数组int n[] = { 1, 2 };。调用pad() SIDE设为LOW,即0,new_length为5,返回的数组如下; {0,0,0,1,2}。如果SIDE设置为HIGH,则结果为{1,2,0,0,0}。
#include <stdlib.h>
#include <stdio.h>
#define MAX(a, b) (a > b) ? a : b
#define MIN(a, b) (a < b) ? a : b
enum SIDE { LOW, HIGH };
int *pad(int *n, int nlength, int new_length, enum SIDE side);
int *sum(int *n, int nlength, int *m, int mlength, int *sum_length);
int *power_arr(int *n, int nlength, int exp, int *res_length);
int *trim(int *n, int nlength, int *res_length);
void copy(int *to, int *from, int length);
int main(void)
{
int b[] = { 2 };
int r, i;
int *rlength, *res;
r = 0;
rlength = &r;
res = power_arr(b, 1, 4, rlength);
printf("Length = %d\n", *rlength);
for (i = 0; i < *rlength; i++)
{
printf("i = %d\n", res[i]);
}
free(res);
exit(0);
}
int *pad(int *n, int nlength, int new_length, enum SIDE side)
{
int i, j;
int *padded;
if (nlength < 1 || new_length <= nlength)
{
return NULL;
}
padded = calloc(new_length, sizeof(int));
if (!padded)
{
return NULL;
}
if (side == LOW)
{
j = new_length - 1;
for (i = (nlength - 1); i >= 0; i--)
{
padded[j--] = n[i];
}
}
else
{
j = 0;
for (i = 0; i < nlength; i++)
{
padded[j++] = n[i];
}
}
return padded;
}
int *trim(int *n, int nlength, int *res_length)
{
int i, j;
int *res;
for (i = 0; i < nlength; i++)
{
if (n[i] > 0)
{
break;
}
}
*res_length = (nlength - i);
res = malloc(sizeof(int) * (*res_length));
if (!res)
{
return NULL;
}
j = 0;
while (i < nlength)
{
res[j++] = n[i++];
}
return res;
}
int *sum(int *n, int nlength, int *m, int mlength, int *sum_length)
{
int i, tmp, carry, padded;
int *result, *trimmed, *op1, *op2;
enum SIDE side = LOW;
if (nlength == mlength)
{
op1 = n;
op2 = m;
}
else if (nlength > mlength)
{
op1 = n;
op2 = pad(m, mlength, nlength, side);
padded = 1;
}
else
{
op1 = m;
op2 = pad(n, nlength, mlength, side);
padded = 1;
}
result = malloc(sizeof(int) * (MAX(nlength, mlength) + 1));
if (!op1 || !op2 || !result)
{
if (padded)
{
free(op2);
}
free(result);
return NULL;
}
carry = 0;
for (i = (MAX(nlength, mlength)) - 1; i >= 0; i--)
{
tmp = op1[i] + op2[i] + carry;
if (carry > 0)
{
carry = 0;
}
if (tmp >= 10)
{
carry = tmp / 10;
tmp = tmp % 10;
}
result[i + 1] = tmp;
}
if (padded)
{
free(op2);
}
if (carry > 0)
{
result[0] = carry--;
}
*sum_length = (MAX(nlength, mlength)) + 1;
trimmed = trim(result, *sum_length, sum_length);
free(result);
return trimmed;
}
void copy(int *to, int *from, int length)
{
int i;
for (i = 0; i < length; i++)
{
to[i] = from[i];
}
}
int *power_arr(int *n, int nlength, int exp, int *res_length)
{
int *tmp, *rt, *bufp;
int bufp_length, i, dbg_i;
rt = malloc(sizeof(int) * 1000);
bufp = malloc(sizeof(int) * 1000);
if (!rt || !bufp)
{
free(rt);
free(bufp);
return NULL;
}
copy(rt, n, nlength);
copy(bufp, n, nlength);
*res_length = bufp_length = nlength;
while (--exp > 0)
{
for (i = *n - 1; i > 0; i--)
{
tmp = sum(rt, *res_length, bufp, bufp_length, res_length);
if (!tmp)
{
printf("tmp was null\n");
exit(-1);
}
copy(rt, tmp, *res_length);
if (tmp)
{
free(tmp); // double-free error occurs here, on subsequent iterations
tmp = NULL;
}
}
copy(bufp, rt, *res_length);
bufp_length = *res_length;
}
free(bufp);
return rt;
}
注意,我会删除这个问题的原始问题,但我觉得这是我的“ Malloc返回相同值 - 没有双重免费错误”问题的分支。随着该问题的后续调试导致了这一点。
答案 0 :(得分:2)
Arrays.copy中未定义 padded。通过将sum()初始化为零,padded逻辑可以正确执行。